DEVHIDE
Login Or Sign up

What is skaffold doing after skaffold build pushed successfully

153 Views Asked by At

When I run skaffold in a github workflow like this

skaffold build

it calls the gradle jib correctly, creates an image and pushes it to the ghcr successfully. Grdale finishes successfully as can be seen in the log. Nevertheless, something happens afterwards that fails. It seems someone tries to access the just built image but is not authorized. This does not happen, if I execute it locally. And it does not fail in the github workflow if I call gradlew jib directly without skaffold being involved.

Built and pushed image as ghcr.io/tobias-neubert/motd-service:453f4c4-dirty

BUILD SUCCESSFUL in 11s
4 actionable tasks: 4 executed
time="2023-02-15T12:07:09Z" level=error msg="No matching credentials were found for \"ghcr.io\""
time="2023-02-15T12:07:09Z" level=error msg="No matching credentials were found for \"ghcr.io\""
getting image: GET https://ghcr.io/token?scope=repository%3Atobias-neubert%2Fmotd-service%3Apull&service=ghcr.io: UNAUTHORIZED: authentication required
Error: Process completed with exit code 1.

The github workflow:

name: Build and push motd-service

on:
  push:

permissions:
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Set up Java
        uses: actions/setup-java@v2
        with:
          java-version: 17
          distribution: temurin

      - name: Setup Gradle
        uses: gradle/gradle-build-action@v2

      - name: Make gradlew executable
        run: chmod +x ./gradlew

      - name: Install skaffold
        run: |
          curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \
          sudo install skaffold /usr/local/bin/

      - name: Deactivate collecting skaffold metrics
        run: skaffold config set --global collect-metrics false

      - name: Build the motd image
        env:
          GH_PASSWORD: '${{ secrets.GITHUB_TOKEN }}'
        run: skaffold build

Does anybody know what happens here?

github-actions skaffold jib ghcr
Original Q&A
1

There are 1 best solutions below

0
On

It tries to fetch the digest of the new image, which it needs to render the k8s resources. Pushing the image was made by gradle. The jib plugin is configured to use environment variables for authenticating against ghcr.io. But skaffold does not know about those. So it fails to authenticate. A docker login does the trick, although it is not safe in a CI. So now I have to search for a better way to tell skaffold to authenticate against the registry

Related Questions in GITHUB-ACTIONS

Related Questions in SKAFFOLD

Related Questions in JIB

Related Questions in GHCR

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.